August 13, 2021
By Natalie Winters
An election security report authored by House Democrats in 2018 expressed support for post-election audits in response to a plethora of vulnerabilities in U.S. election infrastructure, including machines that could be susceptible to “altered vote totals” and influence efforts carried out by the Chinese Communist Party.
Inaugurated in June 2017, the Congressional Task Force on Election Security counted six exclusively Democratic representatives selected by Nancy Pelosi. Convened to “protect electoral infrastructure” from foreign interference, the group published their findings in a 56-page report in January 2018.
Many of the assertions about the lax security of U.S. election infrastructure and subsequent solutions are at odds with Democratic leaders – including Joe Biden’s own Department of Justice – position on audits and outcome accuracy.
The task force’s primary finding – “OUR ELECTION INFRASTRUCTURE IS VULNERABLE” – appears to lend credence to claims that the results of the 2020 election could have been manipulated by a foreign actor. Upon the report’s release, no mainstream media outlets criticized House Democrats for subverting U.S. democracy with “conspiracy theories,” as they have done with individuals making the same claims in the context of the 2020 election.
The report highlights problems presented with the use of voting machines, “unequivocally” insisting that “many jurisdictions are using voting machines that are highly vulnerable to an outside attack.”
It continues, noting how even voting systems – including those that aren’t connected to the internet – could be susceptible to “alter[ed] vote totals”:
Some will defend the security of election systems by arguing that voting systems are secure because they are not connected to the internet. However, many voting machines contain software or hardware that could be used to connect to the internet. In addition, many machines use removable memory cards or USB sticks to program their machines with ballot data, and it is possible to infect a memory card with malware that could crash a machine or alter vote totals.
The report also presents scenarios whereby hackers could manipulate “unattended” machines in person or their memory cards:
“A hacker could exploit the memory card vulnerability in a few different ways. First, an attacker could physically access the machines. While this may seem unlikely, voting machines are sometimes left unattended in polling stations in the days leading up to an election. A greater threat, however, comes from outside vendors. The Brennan Center reports that a relatively small number of outside vendors can be responsible for programming the memory cards for multiple counties in a state. For example, according to Professor J. Alex Halderman, Director of the University of Michigan’s Center for Computer Security and Society, “In Michigan, 75% of counties use just two 20-person companies to do that programming.”
The report singles out China as one of the “four greatest state-actor threats,” noting that “the most concerning issue is China’s advanced cyber warfare capabilities could be rapidly deployed and used against the U.S. and our interests should their political motivations and calculations change.” A report from the National Counterintelligence and Security Center (NCSC) concluded that the Chinese Communist Party “prefers President Trump doesn’t win re-election.”
“China has engaged in various cyber operations either for espionage or political motivations. Furthermore, China, together with Russia, tops the list of state actors that possess the most sophisticated capabilities and have also integrated their cyber tactics into their warfighting strategies and doctrines,” the task force adds.
Among the proposed solutions were that “states should conduct risk-limiting post-election audits.”
“Election security experts agree that all states should be routinely conducting these audits to detect any anomalies in election results and to increase the public’s confidence in elections,” the task force summarizes before reiterating that audits “increase public confidence in the election system.”
“These audits are useful in detecting any incorrect election outcomes, whether they are caused by a cyberattack or something more mundane like a programming error,” the report reiterates.
“Federal funds should be provided to help states replace aging, vulnerable voting machines with paper ballots,” the report also argues before admitting that “many states purchase their voting systems from third-party vendors who have little financial incentive to prioritize election security, and are not subject to regulations requiring them to use cybersecurity best practices.”